From f426fbf746c37da76dd5aae2ecf6593d64678f4a Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 18 Nov 2008 13:10:20 +0000 Subject: Ident authentication over Unix-domain sockets on Solaris, using getpeerucred() function. Author: Garick Hamlin --- src/backend/libpq/auth.c | 42 +++++++++++++++++++++++++++++++++++++++++- src/include/pg_config.h.in | 6 ++++++ 2 files changed, 47 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index e89b040b67e..bccb0a516f2 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.171 2008/11/18 13:10:20 petere Exp $ * *------------------------------------------------------------------------- */ @@ -21,6 +21,9 @@ #include #include #endif +#ifdef HAVE_UCRED_H +# include +#endif #include #include #include @@ -1611,6 +1614,43 @@ ident_unix(int sock, char *ident_user) strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1); + return true; +#elif defined(HAVE_GETPEERUCRED) + /* Solaris > 10 */ + uid_t uid; + struct passwd *pass; + ucred_t *ucred; + + ucred = NULL; /* must be initialized to NULL */ + if (getpeerucred(sock, &ucred) == -1) + { + ereport(LOG, + (errcode_for_socket_access(), + errmsg("could not get peer credentials: %m"))); + return false; + } + + if ((uid = ucred_geteuid(ucred)) == -1) + { + ereport(LOG, + (errcode_for_socket_access(), + errmsg("could not get effective UID from peer credentials: %m"))); + return false; + } + + ucred_free(ucred); + + pass = getpwuid(uid); + if (pass == NULL) + { + ereport(LOG, + (errmsg("local user with ID %d does not exist", + (int) uid))); + return false; + } + + strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1); + return true; #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) struct msghdr msg; diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 2314d819659..9f6f21bf817 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -182,6 +182,9 @@ /* Define to 1 if you have the `getpeereid' function. */ #undef HAVE_GETPEEREID +/* Define to 1 if you have the `getpeerucred' function. */ +#undef HAVE_GETPEERUCRED + /* Define to 1 if you have the `getpwuid_r' function. */ #undef HAVE_GETPWUID_R @@ -557,6 +560,9 @@ /* Define to 1 if you have the external array `tzname'. */ #undef HAVE_TZNAME +/* Define to 1 if you have the header file. */ +#undef HAVE_UCRED_H + /* Define to 1 if the system has the type `uint64'. */ #undef HAVE_UINT64 -- cgit v1.2.3